More on the hype behind OpenSSH flaw that could leak crypto keys

Richard Adhikari wrote a good overview about the “OpenSSH Flaw Could Leak Crypto Keys” on the LinuxInsider.com website. I got quoted: The flaws are not dangerous, security consultant Sorin Mustaca said. “In order to exploit this vulnerability, an attacker must convince its target OpenSSH client to connect to a malicious server — an unlikely scenario — or compromise a trusted server and install a special build of the OpenSSH server having roaming activated,” he told LinuxInsider. The second option “is possible but also unlikely to happen.” If hackers compromise a server to the degree that they can replace OpenSSH,…

Quoted in Tech News World: Paris Attacks Deepen Encryption Debate

Paris Attacks Deepen Encryption Debate
By Richard Adhikari
Nov 18, 2015 5:00 AM PT

ISIS has threatened to attack the United States and continue its reign of terror elsewhere in the world, so an argument could be made that the high-tech industry would serve the greater good by agreeing to weaken encryption. “No, it should not,” maintained security expert Sorin Mustaca. “There has to always be somebody who controls those that control everyone else. The day when security companies give in to those demands is the day there’s no privacy for everyone,” he told TechNewsWorld.

Additional comments not…

Quoted in ECommerceTimes: Gmail to Warn Users of Unencrypted Email

Gmail to Warn Users of Unencrypted Email
Author: Richard Adhikari

Quotes: The warning “will help in cases where hackers try to perform DNS poisoning while trying to infect or phish users visiting well-established websites,” security consultant Sorin Mustaca said.

Going with TLS is not necessarily the answer because “many emails would not reach their destination if the destination servers don’t support TLS,” security consultant Mustaca told the E-Commerce Times. Emails continue to be delivered because of opportunistic encryption. “Servers first try to establish a TLS connection and, if they don’t succeed, they continue communicating on unencrypted connections,” he explained.


ENCRYPTION IS NOT SOLVING ALL CYBERSECURITY PROBLEMS

Sorin Mustaca, CSSLP, shares his thoughts from a recent Frankfurt-based automotive show on the overreliance of the car industry on Encryption, noting “…all those lights are sensors and processors which communicate with each other via the CAN BUS (Controller Area Network). If one of them is compromised, it will send invalid data to the others and the consequences are unpredictable. The data will leave the car encrypted and will be decrypted on destination, but the information is compromised.”

What you need to know about the “Hacking Team” which was hacked (and I was quoted)

My good friend Richard Adhikari wrote a very good article about this incident yesterday. Read it here: Hacking Team’s Dingy Laundry Hung Out Online. Here is where I get quoted as founder of Sorin Mustaca IT Security Consulting: A Black Bag Job? “It could be that some government agency who’s a customer of Hacking Team decided to discredit them and force them to close their doors,” said Sorin Mustaca, founder of Sorin Mustaca IT Security Consulting. “These special customers don’t like to leave traces of their acquisitions,” he told the E-Commerce Times.

Here are additional comments: Apparently, on…

Comments on Privacy for “Data Privacy Day 2015”

My comments on Data Privacy Day 2015: Top Experts Comment on Privacy Issues (+Infographic) from http://www.cloudwards.net.   Our society has become in a very short time digitally connected and the consumers didn’t have the time to understand the implications of data privacy on their lives. We can be sure that every provider of an online service is doing everything legally possible to obtain maximum information about its users. This is person related information, as well as information that the user is voluntarily (or not) sharing with others in online platforms. Because many people don’t take their online actions seriously or don’t understand the consequences,…

Quoted in Technewsworld.com: Botnet Twists the Knife in iCloud Security

Author: Richard Adhikari
Article: Botnet Twists the Knife in iCloud Security

Reduce, Reuse, Recycle

For the record, though, “Waledac and Kelihos both send spam, and this is the reason for the confusion,” IT security expert Sorin Mustaca told TechNewsWorld. Both use email to spread but in different ways. The same group of cybercriminals may have created the code for these worms, because “there aren’t that many cybercriminals who can create a complex piece of software,” Mustaca suggested. “This is just using the old Kelihos [worm] with a new email payload.”

Fixing the Problem

Symantec reiterated well-known practices users can follow to protect themselves: Be…

Quoted in SecurityWeek.com about the eBay data breach

eBay, Security Experts Say Database Dump is Fake By Eduard Kovacs on May 23, 2014 It’s uncertain who is behind the attack, but other cybercriminals and scammers are already trying to profit from the incident. Experts have reported seeing a higher number of PayPal and eBay phishing attacks, (links to this blog) and, a post on Pastebin was found offering to sell 145,312,663 eBay customer records for 1.453 Bitcoin (around $750). “What I find very distressful is the fact that the breach occurred 2 months ago and they found out just two weeks ago,” IT security expert Sorin Mustaca told SecurityWeek.   As far as disclosing…

Quoted in Dell Tech Page One: The value of not paying cyber extortionists

The value of not paying cyber extortionists By Erin Richey According to Sorin Mustaca, product manager for anti-virus company Avira GMBH, most extortionists negotiate in good faith. “In general, it is not common that the cybercriminals don’t keep their promise. They keep their promise because they want the next victim to pay,” wrote Mustaca in an email interview. He added, “The information we have about this phenomenon is very, very scarce. People are afraid to tell and, I think, also ashamed.” […] But Mustaca wrote that this is the reason not to pay: “If someone pays, even if it is $1, the…
